Call a Specialist Today! (02) 9388 1741
Free Delivery! Free Delivery!

Aruba 2920 Series Switches
Security, scalability, and ease of use for the enterprise campus, SMB, and branch office



Aruba 2920 Series


Overview:

The Aruba 2920 Switch Series provides security, scalability, and ease of use for enterprise edge, SMB and branch office networks. A powerful ProVision ASIC delivers low latency, more packet buffering, and adaptive power consumption. This Basic Layer 3 switch series supports modular stacking, 10GbE, PoE+, static and RIP routing, Access OSPF routing, Tunneled Node, ACLs, sFlow, and IPv6. The 2920 delivers a consistent wired/wireless user experience with advanced security and network management tools with Aruba ClearPass Policy Manager and Aruba AirWave. With support from Aruba Central, you can quickly set up remote branch sites with little or no IT support. The 2920 is optimized for Software-defined Networking (SDN) with OpenFlow support.

The Aruba 2920 Switch Series provides cost-effective pay as you grow modular stacking with a 2-port stacking module, support for up to four 10GBASE-T (or SFP+) uplinks and upgradeable power supplies so your network can quickly scale when needed. The robust Basic Layer 3 feature set requires no licensing and includes a limited lifetime warranty.

Key Features

  • Aruba Basic Layer 3 switch series with stacking, static & RIP routing, IPv6, ACLs, and sFlow
  • Advanced security and network management tools with Aruba ClearPass Policy Manager and Aruba AirWave
  • Modular 10GbE uplinks (SFP+ and 10GBASE-T) and upgradeable power supplies for up to 1440W PoE+
  • Simple deployment with Zero Touch Provisioning and cloud-based Aruba Central support
  • Ready for innovative SDN applications with OpenFlow support

Features and Benefits:

Software-defined networking

  • OpenFlow supports OpenFlow 1.0 and 1.3 specifications to enable SDN by allowing separation of the data (packet forwarding) and control (routing decision) paths

Unified Wired and Wireless

  • ClearPass Policy Manager support unified wired and wireless policies using Aruba ClearPass Policy Manager
  • HTTP redirect function supports HPE Intelligent Management Center (IMC) bring your own device (BYOD) solution
  • Switch auto-configuration automatically configures switch for rogue AP detection, add VLAN, and set PoE priority when Aruba AP is detected
  • NEW Static IP visibility lets ClearPass do accounting for clients with static IP address

Quality of Service (QoS)

  • Traffic prioritization (IEEE 802.1p) allows real-time traffic classification into eight priority levels mapped to eight queues
  • Layer 4 prioritization enables prioritization based on TCP/UDP port numbers
  • Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
  • Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums
  • Large buffers provide graceful congestion management

Connectivity

  • Flexible 10 Gb/s Ethernet connectivity up to four optional 10 Gigabit ports (SFP+ and/or 10GBASE-T)
  • Optional two-port stacking module with up to 40 Gb/s per port allows stacking of up to four switch units into a single virtual device
  • Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
  • IEEE 802.3at Power over Ethernet (PoE+) provides up to 30 W per port that allows support of the latest PoE+-capable devices such as IP phones, wireless access points, and security cameras, as well as any IEEE 802.3af-compliant end device; eliminates the cost of additional electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments
  • Pre-standard PoE support detects and provides power to pre-standard PoE devices
  • Dual-personality functionality includes four 10/100/1000 ports or SFP slots for optional fiber connectivity such as Gigabit-SX, -LX, and -LH, or 100-FX
  • IPv6
    • IPv6 host enables switches to be managed in an IPv6 network
    • Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6, supporting connectivity for both protocols
    • MLD snooping forwards IPv6 multicast traffic to the appropriate interface
    • IPv6 ACL/QoS supports ACL and QoS for IPv6 network traffic
    • IPv6 routing supports static and RIPng protocols
    • Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping

Performance

  • Energy-efficient design
    • 80 PLUS Silver Certified power supply increases power efficiency and savings
    • Energy-efficient Ethernet (EEE) support reduces power consumption in accordance with IEEE 802.3az
  • HPE ProVision ASIC architecture is designed with the latest ProVision ASIC, providing very low latency, increased packet buffering, and adaptive power consumption
  • Selectable queue configurations allows for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications

Convergence

  • IP multicast snooping and data-driven IGMP automatically prevent flooding of IP multicast traffic
  • LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
  • IEEE 802.1AB Link Layer Discovery Protocol (LLDP) facilitates easy mapping using network management applications with LLDP automated device discovery protocol
  • PoE and PoE+ allocations support multiple methods (automatic, IEEE 802.3at dynamic,
  • LLDP-MED fine grain, IEEE 802.3af device class, or user- specified) to allocate and manage PoE/PoE+ power for more efficient energy savings
  • Local MAC Authentication assigns attributes such as VLAN and QoS using locally configured profile that can be a list of MAC prefixes

Resiliency and high availability

  • IEEE 802.1s Multiple Spanning Tree provides high link availability in multiple VLAN environments by allowing multiple spanning trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
  • IEEE 802.3ad link-aggregation-control protocol (LACP) and HPE port trunking support up to 60 static, dynamic, or distributed trunks active across a stack, with each trunk having up to eight links (ports) per static trunk; and offer support for trunking across stack members
  • Ring and chain stacking topology allows failure of a link or switch in a ring of stacked switches, while the remaining connected switches continue operation
  • SmartLink provides easy-to-configure link redundancy of active and standby links

Management

  • SNMPv1, v2, and v3 provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus private extensions; SNMPv3 supports increased security using encryption
  • Out-of-band Ethernet management port enables management of a separate physical management network, keeping management traffic segmented from network data traffic
  • Zero-Touch ProVisioning (ZTP) uses settings in DHCP to enable ZTP with Aruba AirWave Network Management

Manageability

  • Dual flash images provides independent primary and secondary operating system files for backup while upgrading
  • Friendly port names allow assignment of descriptive names to ports
  • Find-Fix-Inform finds and fixes common network problems automatically, then informs administrator
  • Multiple configuration files allow multiple configuration files to be stored to a flash image
  • Software updates free downloads from the Web
  • RMON, XRMON, and sFlow provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
  • Troubleshooting ingress and egress port monitoring enable network problem solving
  • Unidirectional link detection (UDLD) monitors the link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices

Layer 2 switching

  • VLAN support and tagging supports IEEE 802.1Q (4,094 VLAN IDs) and 256 VLANs simultaneously
  • Jumbo packet support improves the performance of large data transfers; supports frame size of up to 9220 bytes
  • IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
  • Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
  • GARP VLAN Registration Protocol allows automatic learning and dynamic assignment of VLANs

Layer 3 services

  • DHCP server centralizes and reduces the cost of IPv4 address management

Layer 3 routing

  • Static IP routing provides manually configured routing; includes ECMP capability
  • 256 static and 2,048 RIP routes facilitate segregation of user data, without adding external hardware
  • Routing Information Protocol (RIP) provides RIPv1, RIPv2, and RIPng routing

Security

  • Multiple user authentication methods
    • IEEE 802.1X uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
    • Web-based authentication provides a browser-based environment, similar to IEEE 802.1X, to authenticate clients that do not support the IEEE 802.1X supplicant
    • MAC-based authentication authenticates the client with the RADIUS server based on the client's MAC address
  • Authentication flexibility
    • Multiple IEEE 802.1X users per port provides authentication of multiple IEEE 802.1X users per port; prevents a user from "piggybacking" on another user's IEEE 802.1X authentication
    • Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
  • Access control lists (ACLs) provide IP Layer 3 filtering based on source/destination IP address/subnet and source/ destination TCP/UDP port number
  • Source-port filtering allows only specified ports to communicate with each other
  • RADIUS/TACACS+ eases switch management security administration by using a password authentication server
  • IEEE 802.1X, MAC, or Web authentication provides concurrent network access control and Web authentication of up to 24 clients per port
  • Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
  • Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
  • Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
  • MAC address lockout prevents particular configured MAC addresses from connecting to the network
  • Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorised copying of a switch configuration file
  • Switch management logon security helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
  • Custom banner displays security policy when users log in to the switch
  • STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
  • DHCP protection blocks DHCP packets from unauthorised DHCP servers, preventing denial-of-service attacks
  • Dynamic ARP protection blocks ARP broadcasts from unauthorised hosts, preventing eavesdropping or theft of network data
  • STP root guard protects the root bridge from malicious attacks or configuration mistakes
  • Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
  • Per-port broadcast throttling configures broadcast control selectively on heavy traffic port uplinks
  • Private VLAN provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address

Monitor and diagnostics

  • Digital optical monitoring of SFP+ and 1000BASE-T transceivers allows detailed monitoring of the transceiver settings and parameters

Warranty and support

  • Limited Lifetime Warranty See www.hpe.com/networking/warrantysummary for warranty and support information included with your product purchase.
  • Software releases to find software for your product, refer to www.hpe.com/networking/support; for details on the software releases available with your product purchase, refer to www.hpe.com/networking/warrantysummary